Initial Update #4486

Closed
wants to merge 3 commits into
base: master
from

pyup-bot commented Apr 5, 2017

This is my first visit to this fine repo so I have bundled all updates in a single pull request to make things easier for you to merge.

Close this pull request and delete the branch if you want me to start with single pull requests right away

Here's the executive summary:

Updates

Here's a list of all the updates bundled in this pull request. I've added some links to make it easier for you to find all the information you need.

cryptography 1.4 » 1.8.1 PyPI | Changelog | Repo
gevent 1.1.2 » 1.2.1 PyPI | Changelog | Homepage
html5lib 0.9999999 » 0.999999999 PyPI | Changelog | Repo

Changelogs

cryptography 1.4 -> 1.8.1

1.8

  • Added support for Python 3.6.
  • Windows and macOS wheels now link against OpenSSL 1.1.0.
  • macOS wheels are no longer universal. This change significantly shrinks the
    size of the wheels. Users on macOS 32-bit Python (if there are any) should
    migrate to 64-bit or build their own packages.
  • Changed ASN.1 dependency from pyasn1 to asn1crypto resulting in a
    general performance increase when encoding/decoding ASN.1 structures. Also,
    the pyasn1_modules test dependency is no longer required.
  • Added support for
    :meth:~cryptography.hazmat.primitives.ciphers.CipherContext.update_into on
    :class:~cryptography.hazmat.primitives.ciphers.CipherContext.
  • Added
    :meth:~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.private_bytes
    to
    :class:~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.
  • Added
    :meth:~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization.public_bytes
    to
    :class:~cryptography.hazmat.primitives.asymmetric.dh.DHPublicKeyWithSerialization.
  • :func:~cryptography.hazmat.primitives.serialization.load_pem_private_key
    and
    :func:~cryptography.hazmat.primitives.serialization.load_der_private_key
    now require that password must be bytes if provided. Previously this
    was documented but not enforced.
  • Added support for subgroup order in :doc:/hazmat/primitives/asymmetric/dh.

1.7.2

  • Updated Windows and macOS wheels to be compiled against OpenSSL 1.0.2k.

1.7.1

  • Fixed a regression in int_from_bytes where it failed to accept
    bytearray.

1.7

  • Support for OpenSSL 1.0.0 has been removed. Users on older versions of OpenSSL
    will need to upgrade.
  • Added support for Diffie-Hellman key exchange using
    :meth:~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKeyWithSerialization.exchange
  • The OS random engine for OpenSSL has been rewritten to improve compatibility
    with embedded Python and other edge cases. More information about this change
    can be found in the
    pull request <https://github.com/pyca/cryptography/pull/3229>_.

1.6

  • Deprecated support for OpenSSL 1.0.0. Support will be removed in
    cryptography 1.7.
  • Replaced the Python-based OpenSSL locking callbacks with a C version to fix
    a potential deadlock that could occur if a garbage collection cycle occurred
    while inside the lock.
  • Added support for :class:~cryptography.hazmat.primitives.hashes.BLAKE2b and
    :class:~cryptography.hazmat.primitives.hashes.BLAKE2s when using OpenSSL
    1.1.0.
  • Added
    :attr:~cryptography.x509.Certificate.signature_algorithm_oid support to
    :class:~cryptography.x509.Certificate.
  • Added
    :attr:~cryptography.x509.CertificateSigningRequest.signature_algorithm_oid
    support to :class:~cryptography.x509.CertificateSigningRequest.
  • Added
    :attr:~cryptography.x509.CertificateRevocationList.signature_algorithm_oid
    support to :class:~cryptography.x509.CertificateRevocationList.
  • Added support for :class:~cryptography.hazmat.primitives.kdf.scrypt.Scrypt
    when using OpenSSL 1.1.0.
  • Added a workaround to improve compatibility with Python application bundling
    tools like PyInstaller and cx_freeze.
  • Added support for generating a
    :meth:~cryptography.x509.random_serial_number.
  • Added support for encoding IPv4Network and IPv6Network in X.509
    certificates for use with :class:~cryptography.x509.NameConstraints.
  • Added :meth:~cryptography.x509.Name.public_bytes to
    :class:~cryptography.x509.Name.
  • Added :class:~cryptography.x509.RelativeDistinguishedName
  • :class:~cryptography.x509.DistributionPoint now accepts
    :class:~cryptography.x509.RelativeDistinguishedName for
    :attr:~cryptography.x509.DistributionPoint.relative_name.
    Deprecated use of :class:~cryptography.x509.Name as
    :attr:~cryptography.x509.DistributionPoint.relative_name.
  • :class:~cryptography.x509.Name now accepts an iterable of
    :class:~cryptography.x509.RelativeDistinguishedName. RDNs can
    be accessed via the :attr:~cryptography.x509.Name.rdns
    attribute. When constructed with an iterable of
    :class:~cryptography.x509.NameAttribute, each attribute becomes
    a single-valued RDN.
  • Added
    :func:~cryptography.hazmat.primitives.asymmetric.ec.derive_private_key.
  • Added support for signing and verifying RSA, DSA, and ECDSA signatures with
    :class:~cryptography.hazmat.primitives.asymmetric.utils.Prehashed
    digests.

1.5.3

  • SECURITY ISSUE: Fixed a bug where HKDF would return an empty
    byte-string if used with a length less than algorithm.digest_size.
    Credit to Markus Döring for reporting the issue. CVE-2016-9243

1.5.2

  • Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2j.

1.5.1

  • Updated Windows and OS X wheels to be compiled against OpenSSL 1.0.2i.
  • Resolved a UserWarning when used with cffi 1.8.3.
  • Fixed a memory leak in name creation with X.509.
  • Added a workaround for old versions of setuptools.
  • Fixed an issue preventing cryptography from compiling against
    OpenSSL 1.0.2i.

1.5

  • Added
    :func:~cryptography.hazmat.primitives.asymmetric.padding.calculate_max_pss_salt_length.
  • Added "one shot"
    :meth:~cryptography.hazmat.primitives.asymmetric.dsa.DSAPrivateKey.sign
    and
    :meth:~cryptography.hazmat.primitives.asymmetric.dsa.DSAPublicKey.verify
    methods to DSA keys.
  • Added "one shot"
    :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign
    and
    :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.verify
    methods to ECDSA keys.
  • Switched back to the older callback model on Python 3.5 in order to mitigate
    the locking callback problem with OpenSSL <1.1.0.
  • :class:~cryptography.x509.CertificateBuilder,
    :class:~cryptography.x509.CertificateRevocationListBuilder, and
    :class:~cryptography.x509.RevokedCertificateBuilder now accept timezone
    aware datetime objects as method arguments
  • cryptography now supports OpenSSL 1.1.0 as a compilation target.

gevent 1.1.2 -> 1.2.1

1.2.1

  • CI services now test on 3.6.0.
  • Windows: Provide socket.socketpair for all Python 3 versions.
    This was added to Python 3.5, but tests were only added in 3.6.
    (For versions older than 3.4 this is a gevent extension.) Previously
    this was not supported on any Python 3 version.
  • Windows: List subprocess.STARTUPINFO in subprocess.__all__
    for 3.6 compatibility.
  • The _DummyThread objects created by calling
    :func:threading.current_thread from inside a raw
    :class:greenlet.greenlet in a system with monkey-patched
    threading now clean up after themselves when the
    greenlet dies (:class:gevent.Greenlet-based _DummyThreads have
    always cleaned up). This requires the use of a :class:weakref.ref
    (and may not be timely on PyPy).
    Reported in :issue:918 by frozenoctobeer.
  • Build OS X wheels with -D_DARWIN_FEATURE_CLOCK_GETTIME=0 for
    compatibility with OS X releases before 10.12 Sierra. Reported by
    Ned Batchelder in :issue:916.

1.2.0

  • The c-ares DNS resolver ignores bad flags to getnameinfo, like the
    system resolver does. Discovered when cleaning up the DNS resolver
    tests to produce more reliable results. See :issue:774.

1.2a2

  • Update libev to version 4.23.
  • Allow the MAKE environment variable to specify the make command
    on non-Windows systems for ease of development on BSD systems where
    make is BSD make and gmake is GNU make (gevent requires GNU
    make). See :issue:888.
  • Let :class:gevent.server.StreamServer accept an SSLContext on
    Python versions that support it. Added in :pr:904 by Arcadiy Ivanov.

1.2a1

Incompatible Changes

  • Support for Python 2.6 has been removed. See :pr:766.
  • Remove module gevent.coros which was replaced by gevent.lock
    and has been deprecated since 1.0b2.
  • The internal implementation modules gevent.corecext and
    gevent.corecffi have been moved. Please import from
    gevent.core instead; this has always been the only documented place to
    import from.

Libraries and Installation

  • Update libev to version 4.22 (was 4.20).
  • Update tblib to 1.3.0.
  • Update Cython to 0.25 (was 0.23.5).
  • Update c-ares to version 1.12.0 (was 1.10.0) (release notes <https://c-ares.haxx.se/changelog.html>_).
  • For the benefit of downstream package maintainers, gevent is now
    tested with c-ares and libev linked dynamically and not embedded
    (i.e., using the system libraries). However, only the versions
    shipped with gevent are tested and known to work.
  • The repository directory layout has been changed to make it easier
    to include third-party dependencies. Likewise, the setup.py script
    has been split to make it easier to build third-party dependencies.
  • PyPy/CFFI: The corecffi native extension is now only built at
    installation time. Previously, if it wasn't available, a build was
    attempted at every import. This could lead to scattered "gevent"
    directories and undependable results.
  • setuptools is now required at build time on all platforms.
    Previously it was only required for Windows and PyPy.
  • POSIX: Don't hardcode /bin/sh into the configuration command
    line, instead relying on sh being on the PATH, as
    recommended by the standard <http://pubs.opengroup.org/onlinepubs/9699919799/utilities/sh.html>_.
    Fixed in :pr:809 by Fredrix Fornwall.

Security

  • :mod:gevent.pywsgi now checks that the values passed to
    start_response do not contain a carriage return or newline in
    order to prevent HTTP response splitting (header injection), raising
    a :exc:ValueError if they do. See :issue:775.
  • Incoming headers containing an underscore are no longer placed in
    the WSGI environ. See :issue:819.
  • Errors logged by :class:~gevent.pywsgi.WSGIHandler no
    longer print the entire WSGI environment by default. This avoids
    possible information disclosure vulnerabilities. Applications can
    also opt-in to a higher security level for the WSGI environment if they
    choose and their frameworks support it. Originally reported
    in :pr:779 by sean-peters-au and changed in :pr:781.

Platforms

  • As mentioned above, Python 2.6 is no longer supported.
  • Python 3.6 is now tested on POSIX platforms. This includes a few
    notable changes:
  • SSLContext.wrap_socket accepts the session parameter, though
    this parameter isn't useful prior to 3.6.
  • SSLSocket.recv(0) or read(0) returns an empty byte string. This is
    a fix for Python bug 23804 <http://bugs.python.org/issue23804>_
    which has also been merged into Python 2.7 and Python 3.5.
  • PyPy3 5.5.0 alpha (supporting Python 3.3.5) is now tested and passes the
    test suite. Thanks to btegs for :issue:866, and Fabio Utzig for :pr:826.
    Note that PyPy3 is not optimized for performance either by the PyPy
    developers or under gevent, so it may be significantly slower than PyPy2.

Stdlib Compatibility

  • The modules :mod:gevent.os, :mod:gevent.signal and
    :mod:gevent.select export all the attributes from their
    corresponding standard library counterpart.
  • Python 2: reload(site) no longer fails with a TypeError if
    gevent has been imported. Reported in :issue:805 by Jake Hilton.
  • Python 2: sendall on a non-blocking socket could spuriously fail
    with a timeout.

select/poll

  • If :func:gevent.select.select is given a negative timeout
    argument, raise an exception like the standard library does.
  • If :func:gevent.select.select is given closed or invalid
    file descriptors in any of its lists, raise the appropriate
    EBADF exception like the standard library does. Previously,
    libev would tend to return the descriptor as ready. In the worst
    case, this adds an extra system call, but may also reduce latency if
    descriptors are ready at the time of entry.
  • :class:selectors.SelectSelector is properly monkey-patched
    regardless of the order of imports. Reported in :issue:835 by
    Przemysław Węgrzyn.
  • :meth:gevent.select.poll.unregister raises an exception if fd is not
    registered, like the standard library.
  • :meth:gevent.select.poll.poll returns an event with
    POLLNVAL for registered fds that are invalid. Previously it
    would tend to report both read and write events.

File objects

  • FileObjectPosix exposes the read1 method when in read mode,
    and generally only exposes methods appropriate to the mode it is in.
  • FileObjectPosix supports a bufsize of 0 in binary write modes.
    Reported in :issue:840 by Mike Lang.
  • Python 3: :meth:gevent.socket.connect_ex was letting
    BlockingIOError (and possibly others) get raised instead of
    returning the errno due to the refactoring of the exception
    hierarchy in Python 3.3. Now the errno is returned. Reported in
    :issue:841 by Dana Powers.

Other Changes

  • :class:~.Group and :class:~.Pool now return whether
    :meth:~.Group.join returned with an empty group. Suggested by Filippo Sironi in
    :pr:503.
  • Unhandled exception reports that kill a greenlet now include a
    timestamp. See :issue:137.
  • :class:~.PriorityQueue now ensures that an initial items list is a
    valid heap. Fixed in :pr:793 by X.C.Dong.
  • :class:gevent.hub.signal (aka :func:gevent.signal) now verifies
    that its handler argument is callable, raising a :exc:TypeError
    if it isn't. Reported in :issue:818 by Peter Renström.
  • If sys.stderr has been monkey-patched (not recommended),
    exceptions that the hub reports aren't lost and can still be caught.
    Reported in :issue:825 by Jelle Smet.
  • The :func:gevent.os.waitpid function is cooperative in more
    circumstances. Reported in :issue:878 by Heungsub Lee.
  • The various FileObject implementations are more consistent with
    each other. Note: Writing to the io property of a FileObject should be
    considered deprecated.
  • Timeout exceptions (and other asynchronous exceptions) could cause
    the BackdoorServer to fail to properly manage the
    stdout/stderr/stdin values. Reported with a patch in :pr:874 by
    stefanmh.
  • The BackDoorServer now tracks spawned greenlets (connections) and
    kills them in its stop method.

Servers

  • Default to AF_INET6 when binding to all addresses (e.g.,
    ""). This supports both IPv4 and IPv6 connections (except on
    Windows). Original change in :pr:495 by Felix Kaiser.
  • pywsgi/performance: Chunks of data the application returns are no longer copied
    before being sent to the socket when the transfer-encoding is
    chunked, potentially reducing overhead for large responses.

Threads

  • Add :class:gevent.threadpool.ThreadPoolExecutor (a
    :class:concurrent.futures.ThreadPoolExecutor variant that always
    uses native threads even when the system has been monkey-patched)
    on platforms that have concurrent.futures
    available (Python 3 and Python 2 with the futures backport
    installed). This is helpful for, e.g., grpc. Reported in
    :issue:786 by Markus Padourek.
  • Native threads created before monkey-patching threading can now be
    joined. Previously on Python < 3.4, doing so would raise a
    LoopExit error. Reported in :issue:747 by Sergey Vasilyev.

SSL

  • On Python 2.7.9 and above (more generally, when the SSL backport is
    present in Python 2), :func:gevent.ssl.get_server_certificate
    would raise a :exc:ValueError if the system wasn't monkey-patched.
    Reported in :issue:801 by Gleb Dubovik.
  • On Python 2.7.9 and Python 3, closing an SSL socket in one greenlet
    while it's being read from or written to in a different greenlet is
    less likely to raise a :exc:TypeError instead of a
    :exc:ValueError. Reported in :issue:800 by Kevin Chen.

subprocess module

  • Setting SIGCHLD to SIG_IGN or SIG_DFL after :mod:gevent.subprocess
    had been used previously could not be reversed, causing
    Popen.wait and other calls to hang. Now, if SIGCHLD has been
    ignored, the next time :mod:gevent.subprocess is used this will be
    detected and corrected automatically. (This potentially leads to
    issues with :func:os.popen on Python 2, but the signal can always
    be reset again. Mixing the low-level process handling calls,
    low-level signal management and high-level use of
    :mod:gevent.subprocess is tricky.) Reported in :issue:857 by
    Chris Utz.
  • Popen.kill and send_signal no longer attempt to send signals
    to processes that are known to be exited.

Several backwards compatible updates to the subprocess module have
been backported from Python 3 to Python 2, making
:mod:gevent.subprocess smaller, easier to maintain and in some cases
safer.

  • Popen objects can be used as context managers even on Python 2. The
    high-level API functions (call, etc) use this for added safety.
  • The :mod:gevent.subprocess module now provides the
    :func:gevent.subprocess.run function in a cooperative way even
    when the system is not monkey patched, on all supported versions of
    Python. (It was added officially in Python 3.5.)
  • Popen objects save their args attribute even on Python 2.
  • :exc:gevent.subprocess.TimeoutExpired is defined even on Python 2,
    where it is a subclass of the :exc:gevent.timeout.Timeout
    exception; all instances where a Timeout exception would
    previously be thrown under Python 2 will now throw a
    TimeoutExpired exception.
  • :func:gevent.subprocess.call (and check_call) accepts the
    timeout keyword argument on Python 2. This is standard on Python
    3, but a gevent extension on Python 2.
  • :func:gevent.subprocess.check_output accepts the timeout and
    input arguments on Python 2. This is standard on Python 3, but a
    gevent extension on Python 2.

html5lib 0.9999999 -> 0.999999999

0.999999999

Released on July 15, 2016

  • Fix attribute order going to the tree builder to be document order
    instead of reverse document order(!).

0.99999999

Released on July 14, 2016

  • Added ordereddict as a mandatory dependency on Python 2.6.
  • Added lxml, genshi, datrie, charade, and all
    extras that will do the right thing based on the specific
    interpreter implementation.
  • Now requires the mock package for the testsuite.
  • Cease supporting DATrie under PyPy.
  • Remove PullDOM support, as this hasn't ever been properly
    tested, doesn't entirely work, and as far as I can tell is
    completely unused by anyone.
  • Move testsuite to py.test.
  • Fix 124: move to webencodings for decoding the input byte stream;
    this makes html5lib compliant with the Encoding Standard, and
    introduces a required dependency on webencodings.
  • Cease supporting Python 3.2 (in both CPython and PyPy forms).
  • Fix comments containing double-dash with lxml 3.5 and above.
  • Use scripting disabled by default (as we don't implement
    scripting).
  • Fix 11, avoiding the XSS bug potentially caused by serializer
    allowing attribute values to be escaped out of in old browser versions,
    changing the quote_attr_values option on serializer to take one of
    three values, "always" (the old True value), "legacy" (the new option,
    and the new default), and "spec" (the old False value, and the old
    default).
  • Fix 72 by rewriting the sanitizer to apply only to treewalkers
    (instead of the tokenizer); as such, this will require amending all
    callers of it to use it via the treewalker API.
  • Drop support of charade, now that chardet is supported once more.
  • Replace the charset keyword argument on parse and related methods
    with a set of keyword arguments: override_encoding, transport_encoding,
    same_origin_parent_encoding, likely_encoding, and default_encoding.
  • Move filters._base, treebuilder._base, and treewalkers._base to .base
    to clarify their status as public.
  • Get rid of the sanitizer package. Merge sanitizer.sanitize into the
    sanitizer.htmlsanitizer module and move that to sanitizer. This means
    anyone who used sanitizer.sanitize or sanitizer.HTMLSanitizer needs no
    code changes.
  • Rename treewalkers.lxmletree to .etree_lxml and
    treewalkers.genshistream to .genshi to have a consistent API.
  • Move a whole load of stuff (inputstream, ihatexml, trie, tokenizer,
    utils) to be underscore prefixed to clarify their status as private.

Once you have closed this pull request, I'll create separate pull requests for every update as soon as I find them.

That's it for now!

Happy merging! 🤖
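
The gevent 1.2a1 Security notes in the changelog above describe two header rules in pywsgi: CR/LF in values passed to start_response raises a ValueError, and incoming headers containing an underscore are kept out of the WSGI environ. The sketch below is an added example, not gevent's code and not part of the bot's comment; the function names and the sample request are assumptions constructed for illustration.

```python
# Added illustration, not gevent's source. Function names and sample data
# are assumptions made for this example.

def check_start_response(status, response_headers):
    """Raise ValueError if the status or any header contains CR or LF.

    A CR/LF inside a value would end the header line early, letting
    application-controlled text become extra headers or a second response.
    """
    def _reject_crlf(label, text):
        if "\r" in text or "\n" in text:
            raise ValueError("%s contains CR or LF: %r" % (label, text))

    _reject_crlf("status", status)
    for name, value in response_headers:
        _reject_crlf("header name", name)
        _reject_crlf("header value", value)
    return True


def environ_from_headers(request_headers):
    """Build WSGI environ keys from request headers, skipping names with '_'.

    WSGI turns '-' into '_' and upper-cases the name, so 'X-Forwarded-User'
    and 'X_Forwarded_User' would both land on HTTP_X_FORWARDED_USER.
    Dropping underscore names keeps the mapping unambiguous.
    Returns (environ, dropped_names).
    """
    environ, dropped = {}, []
    for name, value in request_headers:
        if "_" in name:
            dropped.append(name)
            continue
        key = name.upper().replace("-", "_")
        if key not in ("CONTENT_TYPE", "CONTENT_LENGTH"):
            key = "HTTP_" + key
        # Repeated headers are joined with a comma in this sketch.
        environ[key] = environ[key] + "," + value if key in environ else value
    return environ, dropped


# Constructed sample request: the second and third names collide after
# WSGI normalisation, so only the hyphenated one may reach the application.
SAMPLE_REQUEST_HEADERS = [
    ("Host", "app.example"),
    ("X-Forwarded-User", "alice"),
    ("X_Forwarded_User", "someone-else"),
    ("Content-Type", "text/plain"),
]

if __name__ == "__main__":
    env, dropped = environ_from_headers(SAMPLE_REQUEST_HEADERS)
    print("environ:", env)
    print("dropped:", dropped)
    print(check_start_response("200 OK", [("Content-Type", "text/plain")]))
    try:
        check_start_response("200 OK", [("Location", "/next\r\nX-Extra: 1")])
    except ValueError as exc:
        print("rejected:", exc)
```
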

codecov-io commented Apr 5, 2017

Codecov Report

Merging #4486 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@          Coverage Diff           @@
##           master   #4486   +/-   ##
======================================
  Coverage    94.6%   94.6%           
======================================
  Files         354     354           
  Lines       18859   18859           
  Branches     1088    1088           
======================================
  Hits        17842   17842           
- Misses        905     908    +3     
+ Partials      112     109    -3
Impacted Files Coverage Δ
h/search/__init__.py 38.88% <0%> (ø) ⬆️
h/session.py 91.83% <0%> (ø) ⬆️
h/stats.py 83.33% <0%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 3e900fe...216e357. Read the comment docs.

@nickstenning nickstenning deleted the pyup-initial-update branch Apr 5, 2017